SAS contributes: OpenSearch – SAS Voices

At SAS, we use and contribute to a wide range of open source projects. This series – SAS contributes – highlights how our teams give back to the open source community. In this installment, we focus on OpenSearch.

If you’ve ever scanned through thousands of system logs or product reviews to find a single phrase, you’ve encountered the kind of challenge that OpenSearch was designed to solve.

Unlike traditional databases that store structured data in ordered rows and columns, OpenSearch is designed for unstructured data—massive amounts of text, records, and documents.

“OpenSearch is good at storing that data and then being able to search through it. We use it on my side to monitor SAS Viya, collect all log messages and allow administrators to find messages of interest.”

— Greg Smith, lead software developer

Other SAS teams implement it in different ways. Visual Investigator uses OpenSearch to power everything from text searches and fuzzy searches to geographic searches and chart-style visualizations. The risk and information catalog is also relied upon for many tasks.

Why was SAS involved?

SAS’s relationship with OpenSearch has roots in its predecessor, Elasticsearch. Once security features, such as document-level security controls, became premium Elasticsearch plugins, SAS turned to a commercial plugin, Search Guard, to implement this functionality.

Amazon then forked Elasticsearch and created OpenSearch, which inherited much of Search Guard’s code. For SAS, this fork represented a new beginning and an opportunity to shape the future. Moving OpenSearch to the Linux Foundation solidified its position as a truly community-driven project – an environment that SAS wanted to support and help foster.

“At the time, we weren’t just licensing Search Guard — we were actually finding bugs, submitting fixes, and working directly with their team. So, to some extent, we were contributing all the time. Now, with open source OpenSearch, it’s easier.”

— Terry Quigley, lead software developer

SAS contributions to OpenSearch

At the heart of SAS’s engagement lies a deep focus on security and compliance. Early on, the team undertook the extensive work required for the security plugin, with the goal of complying with FIPS 140-2 – a difficult but critical standard for many enterprise environments. This involves updating the hash algorithms, improving certificate handling and ensuring seamless integration with trusted libraries like Bouncy Castle. Bug fixes and improvements have even reached related projects such as Password4j, helping the entire OpenSearch downstream ecosystem to become more robust.

The team also contributed Helm charts, simplifying Kubernetes deployments so users can spin up and scale OpenSearch clusters more easily. These improvements have lowered the barrier for organizations to securely adopt OpenSearch, regardless of the complexity of their infrastructure.

Active participation in plug-in meetings became a cornerstone of their involvement, as they worked alongside stakeholders from Amazon, SAP, and other industry leaders. This ongoing dialogue has fostered collaboration on critical issues, such as newly discovered vulnerabilities, major upgrades – including those involving Java and OpenSAML – and integration of new features.

Investing in OpenSearch is not limited to product development; it’s about fostering an open and collaborative ecosystem that benefits all participants.

“As in any project, but especially in open source projects, they say that to get started you should choose something simple. This was kind of the opposite. It’s like, ‘Pick probably the hardest thing to think about and a really huge project with hundreds of repositories and do that.’”

— Terry Quigley, lead software developer

Why contribute?

Naturally, the following question arises: Why don’t we keep these developments private and use them as a competitive advantage? Sustainability was a major concern. Maintaining a private branch of OpenSearch meant rebuilding and merging changes every six weeks, a workload that quickly proved unmanageable.

“If it were just internal, the cost of eternal vigilance would be all on SAS. In open source, we share that responsibility – and it’s the right thing to do.”

— Craig McNulty, Director of Software Development

By contributing openly, quality is never compromised. Public collaboration brought in a broader range of reviewers and perspectives, helping to catch subtle errors before they became real problems.

The commitment to open collaboration not only eased the burden, but also reinforced the values, such as fairness, that drive both SAS and the broader community.

“SAS uses a lot of open source software. It seems only fair and right for us to contribute again.”

— Terry Quigley, lead software developer

Benefits to SAS and the community

Through open collaboration, SAS has ensured that its products meet stringent FIPS standards, providing customers with increased confidence and compliance, while also sharing these security improvements with the entire community.

Direct interaction with OpenSearch’s diverse user base has given SAS unique insights into how organizations deploy technology. This means we can detect potential problems early and respond proactively.

“What we put into it, others will build on it in the future. This groundwork makes things easier for everyone — including us.”

— Stuart Brown, lead software developer

Looking forward

From securing searches to enhancing compliance across SAS® Viya®, OpenSearch has become woven into the fabric of SAS solutions. Contributing to its growth ensures that both SAS and the wider community continue to benefit.

“We can’t scale to solve bigger problems unless we work with people we might consider competitors.”

— Craig McNulty, Director of Software Development

This is the spirit of open source. That’s why SAS contributes.
